#include <stdio.h>
#include <string.h>
#include "db_auth_mgmt.h"
#include "db_query.h"

char DBA_PASSWORD[64];

void AUDIT_CREATE_TAB(char* table_name, MYSQL* dbsock)
{
	char sql[4096]; 
	sprintf(sql, 
		"CREATE TABLE IF NOT EXISTS %s(\
		    user      		VARCHAR(32) PRIMARY KEY,\
		    auth        	VARCHAR(256),\
		    tm_reg          VARCHAR(32),\
		    tm_log     		VARCHAR(32),\
		    ip_log          VARCHAR(16),\
		    st_log 			INT)\
		    ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;", 
		    table_name );
	//printf("%s\n", sql);
	/* 检查数据库表空间,
		如果表空间不存在，则新建表空间 */
	int rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if (rst) {
	    fprintf(stderr, "MySQL/> CREATE, {ERROR %d} %s\n", mysql_errno(dbsock), mysql_error(dbsock));
	}else{
		//fprintf(stderr, "MySQL/> {INFO} Table '%s' is available.\n", cfgvar.tab_name);
	}
}

/**
  * @brief  审计表插入新注册用户信息
  * @Notes  None
  * @param  
  * @retval 插入操作返回值
  */
int AUDIT_ADD_USER(struct __user_info* userinfo, char* table, MYSQL* dbsock)
{
	/* 检查表是否存在, 如果不存在则新建表 */
	AUDIT_CREATE_TAB(table, dbsock);

	char sql[1024];
	sprintf(sql, 
			"INSERT INTO %s (user,auth,tm_reg)value("
			"\"%s\", "	//User name
			"\"%s\", "	//authentication string
			"\"%s\");",	//register time
			table,
			userinfo->user,
			userinfo->auth,
			userinfo->tm_reg
			);
	
	//printf("%s\n", sql);
	
	int errno; int rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst)
	{ 
		fprintf(stderr, "MySQL/> INSERT, {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); 
		printf("%s\n", sql);
	}
	else{
		//sprintf(query->err, "MySQL INSERT, NO error.");
	}
	return errno;
}

int AUDIT_DEL_USER(struct __user_info* userinfo, char* table, MYSQL* dbsock)
{
	char sql[1024];
	sprintf(sql, 
			"DELETE FROM %s WHERE user='%s' AND auth='%s';",
			table,
			userinfo->user,
			userinfo->auth
			);

	int errno; int rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst)
	{ 
		fprintf(stderr, "MySQL/> DELETE, {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); 
		printf("%s\n", sql);
	}
	else{
		//sprintf(query->err, "MySQL INSERT, NO error.");
	}
	return errno;
}

int AUDIT_UPDATE(char* sql,	MYSQL* dbsock)
{
	int errno; int rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst)
	{ 
		fprintf(stderr, "MySQL/> INSERT, {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); 
		printf("%s\n", sql);
	}
	else{
		//sprintf(query->err, "MySQL INSERT, NO error.");
	}
	return rst;
}

int AUDIT_QUERY_VAR(char* sql, struct __return_struct* retst, MYSQL* dbsock)
{
	return QUERY_VAR(sql, retst, dbsock);
}

/**
  * @brief  root权限添加用户
  * @Notes  用户专属表权限分配, 可在该表被创建之前完成
  * @param  dbname, 允许该用户使用的数据库
  * @param  table, 允许该用户使用的数据库中的某个表
  * @param  dbsock, MySQL连接socket
  * @retval 插入操作返回值
  */
int MYSQL_ADD_USER(struct __user_info* userinfo, char* dbname, char* table,
					MYSQL* dbsock)
{
	char sql[4096]; 	int errno; int rst; 

	/* 创建数据库用户, 只允许需要密码验证的远程访问 */
	sprintf(sql, "insert into mysql.user(Host, User, Authentication_string) values(\"%\", \"%s\", password(\"%s\"));", userinfo->user,	userinfo->auth );
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}

	sprintf(sql, "flush privileges;");
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}
	/*
	sprintf(sql, "use mysql;");
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}
	*/
	/* 为新用户创建专属表 */
	sprintf(sql, 
		"CREATE TABLE IF NOT EXISTS passwd_tab_%s"
				USER_TAB_SCHEME
		    "ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;", 
		    table );
	//printf("%s\n", sql);
	#if 1
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}
	#endif
	/* 权限控制： 该用户只能访问指定数据库中的某个表 */
	sprintf(sql, "grant all privileges on %s.%s to '%s'@'%%' identified by '%s';", dbname, table, userinfo->user, userinfo->auth);
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}

	sprintf(sql, "flush privileges;");
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}
	
	return errno;

}

/**
  * @brief  root权限添加用户
  * @Notes  用户专属表权限分配, 可在该表被创建之前完成
  * @param  dbname, 允许该用户使用的数据库
  * @param  table, 允许该用户使用的数据库中的某个表
  * @param  dbsock, MySQL连接socket
  * @retval 插入操作返回值
  */
int MYSQL_DEL_USER(struct __user_info* userinfo, MYSQL* dbsock)
{
	char sql[1024]; 	int errno; int rst; 

	/* 创建数据库用户, 只允许需要密码验证的远程访问 */
	sprintf(sql, "DELETE FROM mysql.user WHERE user='%s';", userinfo->user);
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}

	sprintf(sql, "flush privileges;");
	rst = mysql_real_query(dbsock, sql, (unsigned int)strlen(sql));
	if(rst){ 
		fprintf(stderr, "MySQL/> {ERROR %d} %s\n", (errno = mysql_errno(dbsock)), mysql_error(dbsock)); printf("%s\n", sql);
	}
		
	return errno;
}

